tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Scott Jones <sc...@on-sitemanager.com>
Subject SSL Detection (mod_jk, openssl, apache)
Date Mon, 05 Nov 2001 16:33:54 GMT
Hello,

I'd like to restrict a certain area of our application to 128 bit
encryption only, but I want to provide information and links for people
if they don't have the required encryption strength.  

I'm using mod_jk-eapi and Tomcat 3.2.3 with AJP 13.  I've included the
SSL section into my http.conf (see below).

Are there any variables available to my JSPs/servlets that can help me
determine whether to send people to the 128 bit encryption required
sections or not?

I saw in an article about Tomcat 4 (thanks, google)
[http://www.javaworld.com/javaworld/jw-01-2001/jw-0126-servletapi.html]
that this information is available thanks to the 2.3 Servlet Specs like
this:  req.getAttribute("javax.servlet.request.key_size")  Is there
something similar for tomcat 3.x?  OR, do I need to think about
upgrading to Tomcat 4 sooner rather than later?

Thanks for any suggestions anyone has!

Cheers,

-Scott


###################################################################
#                     SSL configuration                           #
#
# By default mod_jk is configured to collect SSL information from
# the apache environment and send it to the Tomcat workers. The
# problem is that there are many SSL solutions for Apache and as
# a result the environment variable names may change.
#
# The following (commented out) JK related SSL configureation
# can be used to customize mod_jk's SSL behaviour.
#
# Should mod_jk send SSL information to Tomact (default is On)
 JkExtractSSL On
#
# What is the indicator for SSL (default is HTTPS)
 JkHTTPSIndicator HTTPS
#
# What is the indicator for SSL session (default is SSL_SESSION_ID)
 JkSESSIONIndicator SSL_SESSION_ID
#
# What is the indicator for client SSL cipher suit (default is
SSL_CIPHER)
 JkCIPHERIndicator SSL_CIPHER
#
# What is the indicator for the client SSL certificated (default is
SSL_CLIENT_\CERT)
 JkCERTSIndicator SSL_CLIENT_CERT
#
#                                                                 #
###################################################################



--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>


Mime
View raw message